Bristol Airport Ransomware; an all too human failing

Bristol Airport Ransomware; an all too human failing.

Air travel has been in the news recently for all the wrong reasons. Last week we saw the British Airways website targeted with a credit card skimming alteration to the Javascript in their online payment system. This week Bristol Airport was hit with a Ransomware based attack, the consequences of which, took down systems responsible for displaying flight information to customers at the airport. A spokesperson for Bristol Airport indicated that there was a need to offline a number of applications as part of a containment process to ensure that Ransomware did not spread outside part of an administration area and affect critical systems.

The key question here is; were they deliberately targeted because they are an airport? Initial indications suggest that it was speculation rather than specific but it is certainly worrying when high-risk public services are caught and affected by cyber-attacks. Hackers identifying high-risk, high-yield targets such as air traffic control or blue-light services is likely to increase. Although no Ransomware was paid in the case of Bristol Airport, it was fortunate that it was only non-critical systems, which were affected.

So what is the measure that organisations such as airports, airlines and public services can take to mitigate against these all too frequent attacks? Ransomware is an attack that is often perpetrated via email, with links or attachments embedded into messages luring staff to click, with devastating consequences. Making sure staff stick with security processes and understand the risks is a key part of security protection and the human aspect of this is the most difficult to control and measure.

Node4’s team of security experts run a host of specialised managed services under the Security as a Service heading (SECaaS). We can provide Phishing Campaigns that companies can use to measure the level of staff compliance and understanding of security policy. It is only by measuring employee understanding and their willingness to comply with security processes that companies have any chance of combating the risk that hackers prey upon. No matter how many layers of protection security experts put in place, the weakest link is the human element. Managing that human portion is essential in any cyber-security strategy.

If you would like more information on how Node4 can harden your security stance, drop us an email at enquiries@node4.co.uk or call us on 0845 123 2222.